Re: [Samba] permissions keeping changing

2012-12-04 Thread Jeremy Allison 
On Tue, Dec 04, 2012 at 06:12:36PM -0500, Bill Brunt wrote:
> I've got a share where I needed the permissions to be 770 and I think an 
> Apple Mac computer is connecting to a Samba share and changing the 
> permissions each day.
> 
> At the end of the day, I'll set permissions to:
> 
> root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
> total 12
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
> drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
> -rwxrwx--- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 
> ._folders.501
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501
> 
> And then in the morning, it will be:
> 
> root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
> total 12
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
> drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
> -rwx-- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 
> ._folders.501
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501
> 
> Are there samba settings which can force permission settings to remain to 
> something?

If you're using 3.6.x or below, check out the "force security mode"
and "force directory security mode" parameters. As I said, these
have been removed in 4.0.0.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] permissions keeping changing

2012-12-04 Thread Jeremy Allison 
On Tue, Dec 04, 2012 at 06:12:36PM -0500, Bill Brunt wrote:
> I've got a share where I needed the permissions to be 770 and I think an 
> Apple Mac computer is connecting to a Samba share and changing the 
> permissions each day.
> 
> At the end of the day, I'll set permissions to:
> 
> root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
> total 12
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
> drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
> -rwxrwx--- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 
> ._folders.501
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501
> 
> And then in the morning, it will be:
> 
> root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
> total 12
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
> drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
> -rwx-- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 
> ._folders.501
> drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501
> 
> Are there samba settings which can force permission settings to remain to 
> something?

There were, but we removed them for 4.0.0 as no one was
using them :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] classicupgrade fails on rc6, worked on rc5

2012-12-04 Thread Andrew Bartlett 
On Tue, 2012-12-04 at 15:41 -0500, Thomas Simmons wrote:
> Hello,
> 
> I get the following error when performing a classicupgrade on rc6. This
> does not occur with rc4 or rc5. The command I am using is:
> 
> samba-tool domain classicupgrade \
> --dbdir=/root/import/var/lib/samba  --use-xattrs=yes \
> --realm=internal.testdom.com /root/import/etc/samba/smb.conf
> 
> ERROR(): uncaught exception - list index out
> of range
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
> 1318, in run
> useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
> line 800, in upgrade_from_samba3
> homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object,
> base_dn, username, "homeDirectory")
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
> line 546, in get_posix_attr_from_ldap_backend
> return msg[0][attr][0]
> The connection to the LDAP server was closed

Sorry for the inconvenience, please try this patch.  

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

>From 771b5819ce9d411973a463920b80244f59d4c0ee Mon Sep 17 00:00:00 2001
From: Andrew Bartlett 
Date: Wed, 5 Dec 2012 10:35:50 +1100
Subject: [PATCH] scripting: Handle missing LDAP entries in samba-tool domain
 classicupgrade

Reported-by: Thomas Simmons 
---
 source4/scripting/python/samba/upgrade.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 13d33c1..df9415e 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -802,6 +802,8 @@ Please fix this account before attempting to upgrade again
 homes[username] = pwd.getpwnam(username).pw_dir
 except KeyError:
 pass
+except IndexError:
+pass
 
 try:
 if ldap:
@@ -810,6 +812,8 @@ Please fix this account before attempting to upgrade again
 shells[username] = pwd.getpwnam(username).pw_shell
 except KeyError:
 pass
+except IndexError:
+pass
 
 try:
 if ldap:
@@ -818,6 +822,8 @@ Please fix this account before attempting to upgrade again
 pgids[username] = pwd.getpwnam(username).pw_gid
 except KeyError:
 pass
+except IndexError:
+pass
 
 logger.info("Reading WINS database")
 samba3_winsdb = None
-- 
1.7.11.7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Andrew Bartlett 
On Mon, 2012-12-03 at 22:11 +0200, Hleb Valoshka wrote:
> On 12/3/12, Clodonil Trigo  wrote:
> > I am using centos 6.3 and did the migration from samba3 to Samba4. More the
> > "getent passwd" does not return users.
> > I made the link:
> > ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so
> > ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
> 
> I had similar problem but with Debian package, so I'm not sure that
> I'll help you (debian samba4 package is rather interesting thing) but
> in my case the problem was that libnss_winbind expects socket to be in
> /tmp/.winbind/ (or .winbindd? Check with "strings".) while winbind
> component stores it in /var/run/samba4/winbind/ (I don't know the
> correct path for your case). Try to make bind mount of socket
> directory or set correct path in smb.conf.

If the package is expecting a different path, then it is almost
certainly also expecting a different version of the winbind pipe
protocol, so this would not help.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] permissions keeping changing

2012-12-04 Thread Bill Brunt 
I've got a share where I needed the permissions to be 770 and I think an Apple 
Mac computer is connecting to a Samba share and changing the permissions each 
day.

At the end of the day, I'll set permissions to:

root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
total 12
drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
-rwxrwx--- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 ._folders.501
drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501

And then in the morning, it will be:

root@backblaze02:/share1/QuinceCt/.TemporaryItems# ls -la
total 12
drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare   16 Nov 15 14:57 .
drwxrwx--- 9 jlehmanjr qcbbwritetoquincectshare 4096 Nov 25 11:45 ..
-rwx-- 1 jlehmanjr qcbbwritetoquincectshare 4096 Nov 15 14:57 ._folders.501
drwxrwx--- 3 jlehmanjr qcbbwritetoquincectshare8 Nov 15 14:57 folders.501

Are there samba settings which can force permission settings to remain to 
something?

Here are the specifics:

--- smb.conf (partial, not all shares shown) 
---

# amba config file created using SWAT
# from UNKNOWN (192.168.99.26)
# Date: 2011/12/03 23:03:33

[global]
security = ads
password server = server
workgroup = lehmanengineers
realm = LEHMANENGINEERS.LOCAL
netbios name = backblaze02
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
username level = 3

[QuinceCt]
comment = Share used for media storage and other
path = /share1/QuinceCt
writeable = yes
write list = administrator, @qcbbwritetoquincectshare
valid users = @qcbbwritetoquincectshare, @qcbbreadfromquincectshare
#   read list = @qcbbreadfromquincectshare
create mask = 770
force create mode = 770
force directory mode = 0770
directory mask = 770
force group =  @qcbbwritetoquincectshare

[PC11Backup]
comment = Share used to hold backups of PC11...and so on, much more to 
file

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Print properties are not saved

2012-12-04 Thread Alessandro Dentella 
Hi,

I'm struggling to get a laser color printer working correctly. At first I
wasn't able to save print properties with Ubuntu 10.04. As I read of a bug
[1] that affected samba 3.4 up to 3.5.8 I upgraded to ubuntu 12.04 and samba
3.6.3. Now I'm not even able to upload drivers in the way I always did as
described in [2] and [3] (Italian).


My conf::

  [printers]
  comment = All Printers
  path = /var/spool/samba
  guest ok = Yes
  printable = Yes
  browseable = No

  [print$]
  comment = Printer Drivers
  path = /var/lib/samba/printers
  read only = yes
  write list = @"Domain Admins", root, administrator
  guest ok = Yes

I double checked every single point I understand. I operate ad user
administrator that is a Domain Admin that CAN write in
/var/lib/samba/printers but when I try to upload the driver from an XP
client I get:

  impossibile copiare hplj4650.CF_

  Assicurarsi che la posizione del file *qui sotto* sia corretta oppur
  specificarne un'altra e inserire 'HP Colo... CD' nell'unità scelta


That sounds like :

  no way to copy hplib4650.FC_
  Make sure the posotion of the file belo is correct or specify a different
  one and insert HP Color drive...

How can I debug permissions? I don't find any suspicious log, really when I
get this message I see no log at all in log.smb: does that sound correct?

Not to mention tat the printer is working correctly under Linux, and my real
problem is that I can't make windows set A4 page format.


I'd be willing to make some more trials but I'm running out of ideas...


thanks in advance
sandro
*:-)
  



[1] https://bugzilla.samba.org/show_bug.cgi?id=6727
[2] http://www.samba.org/samba/docs/man/Samba-Guide/happy.html#id2582657
[3] http://www.reteisi.org/allegati/netkit/stampanti/README.html



-- 
Sandro Dentella  *:-)
http://www.reteisi.org Soluzioni libere per le scuole
http://sqlkit.argolinux.orgSQLkit home page - PyGTK/python/sqlalchemy



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] classicupgrade fails on rc6, worked on rc5

2012-12-04 Thread Thomas Simmons 
Hello,

I get the following error when performing a classicupgrade on rc6. This
does not occur with rc4 or rc5. The command I am using is:

samba-tool domain classicupgrade \
--dbdir=/root/import/var/lib/samba  --use-xattrs=yes \
--realm=internal.testdom.com /root/import/etc/samba/smb.conf

ERROR(): uncaught exception - list index out
of range
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
line 800, in upgrade_from_samba3
homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object,
base_dn, username, "homeDirectory")
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
line 546, in get_posix_attr_from_ldap_backend
return msg[0][attr][0]
The connection to the LDAP server was closed
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Hleb Valoshka 
On 12/4/12, Clodonil Trigo  wrote:

> I did not think the process of winbind, I believe it is internal to samba.

There is no separate winbindd process in samba4. There are several
*.so providing this service.

> I did several test before migrating to the samba3 Samba4 and had success in
> all cases. More time to make real the problem gave winbind.

But have you tried?

> What line you changed in smb.conf?

I'm still using bind mount :) But option you need is "winbindd socket
directory".
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Rowland Penny 

On 04/12/12 14:44, Clodonil Trigo wrote:

Hi,

Commands:

[root@lost var]# ps ax | grep samba
23756 ?S  0:00 /usr/local/samba/sbin/samba
23757 ?S  0:38 /usr/local/samba/sbin/samba
23758 ?S  0:03 /usr/local/samba/sbin/samba
23761 ?S  0:00 /usr/local/samba/sbin/smbd --option=server 
role check:inhibit=yes --foreground
23803 ?S  0:00 /usr/local/samba/sbin/smbd --option=server 
role check:inhibit=yes --foreground
23818 ?S  1:04 /usr/local/samba/sbin/smbd --option=server 
role check:inhibit=yes --foreground
23826 ?S  0:36 /usr/local/samba/sbin/smbd --option=server 
role check:inhibit=yes --foreground



[root@lost var]# ps ax | grep winbind
30147 pts/2S+ 0:00 grep winbind


/usr/local/samba/etc/smb.conf

[global]
workgroup = KEEPERS.BRASIL
realm = KEEPERSBRASIL.COM 
netbios name = LOST
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbind, ntp_signd, kcc, dnsupdate

idmap_ldb:use rfc2307=Yes

[usuarios]
path = /V01/Dados/usuarios
read only = No
create mask = 2777
directory mask = 2777


[netlogon]
path = 
/usr/local/samba4-migracao/var/locks/sysvol/keepersbrasil.com/scripts 


read only = No

[sysvol]
path = /usr/local/samba4-migracao/var/locks/sysvol
read only = No


Clodonil

2012/12/4 Rowland Penny mailto:rpe...@f2s.com>>

'ps ax | grep samba



--
This message has been scanned for viruses and
dangerous content by *MailScanner* , and is
believed to be clean. 

Well, I am lost now, you only have the samba & smbd daemons running.
The users must be there as wbinfo -u shows them.
Selinux is Disabled (I take it that the server has been restarted since 
selinux was disabled)
Is there anything in any of the logs? /var/log/messages 
/usr/local/samba/var/log.samba
Have you tried joining another unix pc to the domain and running getent 
from there?


Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Clodonil Trigo 
Hi,

Commands:

[root@lost var]# ps ax | grep samba
23756 ?S  0:00 /usr/local/samba/sbin/samba
23757 ?S  0:38 /usr/local/samba/sbin/samba
23758 ?S  0:03 /usr/local/samba/sbin/samba
23761 ?S  0:00 /usr/local/samba/sbin/smbd --option=server role
check:inhibit=yes --foreground
23803 ?S  0:00 /usr/local/samba/sbin/smbd --option=server role
check:inhibit=yes --foreground
23818 ?S  1:04 /usr/local/samba/sbin/smbd --option=server role
check:inhibit=yes --foreground
23826 ?S  0:36 /usr/local/samba/sbin/smbd --option=server role
check:inhibit=yes --foreground


[root@lost var]# ps ax | grep winbind
30147 pts/2S+ 0:00 grep winbind


/usr/local/samba/etc/smb.conf

[global]
workgroup = KEEPERS.BRASIL
realm = KEEPERSBRASIL.COM
netbios name = LOST
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307=Yes

[usuarios]
path = /V01/Dados/usuarios
read only = No
create mask = 2777
directory mask = 2777


[netlogon]
path = /usr/local/samba4-migracao/var/locks/sysvol/keepersbrasil.com/scripts
read only = No

[sysvol]
path = /usr/local/samba4-migracao/var/locks/sysvol
read only = No


Clodonil

2012/12/4 Rowland Penny 

> 'ps ax | grep samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Rowland Penny 

On 04/12/12 14:17, Clodonil Trigo wrote:
Yes, this Samba4 running. Add users normally. All other features of 
Samba4 this OK.

Only winbind not.

The Winbind there is pid or socket?

Clodonil

Prof. Msc. Clodonil H. Trigo
www.nisled.org 
E-mail: clodo...@nisled.org 

Classificação: () Confidencial (X) Interna
As informações contidas nesta mensagem e respectivos anexos são de 
interesse exclusivo a quem foram dirigidos, podendo ser confidenciais, 
portanto fica proibida sua retenção, distribuição, divulgação, 
reprodução ou utilização, sob as penas da lei. Caso tenha recebido 
esta mensagem por engano, pedimos a gentileza de informar ao seu 
autor, eliminando-a de sua caixa de entrada, registros ou sistema de 
controle.




2012/12/4 Rowland Penny mailto:rpe...@f2s.com>>

On 04/12/12 13:13, Clodonil Trigo wrote:

Olá Rowland,

Yes, the command getent returns the users of the  /etc/passwd,
more not return of Samba4.

look selinux:

[root@lost samba]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted


I do not know what can be.


Clodonil


2012/12/4 Rowland Penny mailto:rpe...@f2s.com>>

This is strange, wbinfo -u shows all your users in samba 4,
but getent returns nothing, getent should at least return
your unix users, i.e. root etc.
I take it that after the classicupgrade you have turned
samba3 off, so could this be Selinux?



-- 
This message has been scanned for viruses and

dangerous content by *MailScanner*
, and is
believed to be clean.

OK, are sure that Samba4 is running? what does 'ps ax | grep
samba' return? and does 'ps ax | grep winbind' return anything?


Rowland


-- 
This message has been scanned for viruses and

dangerous content by *MailScanner* ,
and is
believed to be clean.



--
This message has been scanned for viruses and
dangerous content by *MailScanner* , and is
believed to be clean. 

Please post the output of 'ps ax | grep samba' and 'ps ax | grep winbind'

Winbindd is a pipe and should be in /usr/local/samba/var/run/winbindd

Also could you please post your /usr/local/samba/etc/smb.conf

Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Clodonil Trigo 
Yes, this Samba4 running. Add users normally. All other features of Samba4
this OK.
Only winbind not.

The Winbind there is pid or socket?

Clodonil

Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org

Classificação: () Confidencial (X) Interna
As informações contidas nesta mensagem e respectivos anexos são de
interesse exclusivo a quem foram dirigidos, podendo ser confidenciais,
portanto fica proibida sua retenção, distribuição, divulgação, reprodução
ou utilização, sob as penas da lei. Caso tenha recebido esta mensagem por
engano, pedimos a gentileza de informar ao seu autor, eliminando-a de sua
caixa de entrada, registros ou sistema de controle.



2012/12/4 Rowland Penny 

>  On 04/12/12 13:13, Clodonil Trigo wrote:
>
> Olá Rowland,
>
>  Yes, the command getent returns the users of the  /etc/passwd, more not
> return of Samba4.
>
>  look selinux:
>
>  [root@lost samba]# cat /etc/selinux/config
>   SELINUX=disabled
>  SELINUXTYPE=targeted
>
>
>  I do not know what can be.
>
>
>  Clodonil
>
>
> 2012/12/4 Rowland Penny 
>
>> This is strange, wbinfo -u shows all your users in samba 4, but getent
>> returns nothing, getent should at least return your unix users, i.e. root
>> etc.
>> I take it that after the classicupgrade you have turned samba3 off, so
>> could this be Selinux?
>>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* , and is
> believed to be clean.
>
> OK, are sure that Samba4 is running? what does 'ps ax | grep samba'
> return? and does 'ps ax | grep winbind' return anything?
>
>
> Rowland
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* , and is
> believed to be clean.
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Rowland Penny 

On 04/12/12 13:13, Clodonil Trigo wrote:

Olá Rowland,

Yes, the command getent returns the users of the  /etc/passwd, more 
not return of Samba4.


look selinux:

[root@lost samba]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted


I do not know what can be.


Clodonil


2012/12/4 Rowland Penny mailto:rpe...@f2s.com>>

This is strange, wbinfo -u shows all your users in samba 4, but
getent returns nothing, getent should at least return your unix
users, i.e. root etc.
I take it that after the classicupgrade you have turned samba3
off, so could this be Selinux?



--
This message has been scanned for viruses and
dangerous content by *MailScanner* , and is
believed to be clean. 
OK, are sure that Samba4 is running? what does 'ps ax | grep samba' 
return? and does 'ps ax | grep winbind' return anything?


Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Clodonil Trigo 
Olá Rowland,

Yes, the command getent returns the users of the  /etc/passwd, more not
return of Samba4.

look selinux:

[root@lost samba]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted


I do not know what can be.


Clodonil


2012/12/4 Rowland Penny 

> This is strange, wbinfo -u shows all your users in samba 4, but getent
> returns nothing, getent should at least return your unix users, i.e. root
> etc.
> I take it that after the classicupgrade you have turned samba3 off, so
> could this be Selinux?
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Rowland Penny 

On 04/12/12 11:52, Clodonil Trigo wrote:
I used this howto. Several tests made ​​prior to migration, and in any 
case worked.


Its make a debug this?


Clodonil

2012/12/3 Rowland Penny mailto:rpe...@f2s.com>>

Hi, I take it that you have followed the upgrade howto at:

https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
If you haven't, go there and see if you have missed a step.



--
This message has been scanned for viruses and
dangerous content by *MailScanner* , and is
believed to be clean. 


This is strange, wbinfo -u shows all your users in samba 4, but getent 
returns nothing, getent should at least return your unix users, i.e. 
root etc.
I take it that after the classicupgrade you have turned samba3 off, so 
could this be Selinux?


Rowland

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Clodonil Trigo 
I used this howto. Several tests made ​​prior to migration, and in any case
worked.

Its make a debug this?


Clodonil

2012/12/3 Rowland Penny 

> Hi, I take it that you have followed the upgrade howto at:
> https://wiki.samba.org/index.**php/Samba4/samba-tool/domain/**
> classicupgrade/HOWTO
> If you haven't, go there and see if you have missed a step.
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind - samba4

2012-12-04 Thread Clodonil Trigo 
Hi Hleb,

I did not think the process of winbind, I believe it is internal to samba.
I did several test before migrating to the samba3 Samba4 and had success in
all cases. More time to make real the problem gave winbind.

What line you changed in smb.conf?


Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org

Classificação: () Confidencial (X) Interna
As informações contidas nesta mensagem e respectivos anexos são de
interesse exclusivo a quem foram dirigidos, podendo ser confidenciais,
portanto fica proibida sua retenção, distribuição, divulgação, reprodução
ou utilização, sob as penas da lei. Caso tenha recebido esta mensagem por
engano, pedimos a gentileza de informar ao seu autor, eliminando-a de sua
caixa de entrada, registros ou sistema de controle.



2012/12/3 Hleb Valoshka <375...@gmail.com>

> On 12/3/12, Clodonil Trigo  wrote:
> > I am using centos 6.3 and did the migration from samba3 to Samba4. More
> the
> > "getent passwd" does not return users.
> > I made the link:
> > ln-s /usr/local/samba/lib/libnss_winbind.so.2 / lib/libnss_winbind.so
> > ln-s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
>
> I had similar problem but with Debian package, so I'm not sure that
> I'll help you (debian samba4 package is rather interesting thing) but
> in my case the problem was that libnss_winbind expects socket to be in
> /tmp/.winbind/ (or .winbindd? Check with "strings".) while winbind
> component stores it in /var/run/samba4/winbind/ (I don't know the
> correct path for your case). Try to make bind mount of socket
> directory or set correct path in smb.conf.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 RC5 BIND9 and DHCP

2012-12-04 Thread Rowland Penny 

On 03/12/12 23:32, Preston Kutzner wrote:

I'm attempting to get a recent build of S4 rc5 + Bind9 + ISC DHCP server
running.  I've got everything pretty much set up, have attempted to
implement a modified version of the script from here:
http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/
but I keep getting a "TKEY is unacceptable" error.  I've even
attempted to
step through the process contained in the script manually, but I still get
the same error.

Which keytab file should I be using in the first place, I haven't found
docs explaining that.  I know that the Windows clients update on their own,
but we have some Mac/Linux clients as well that I would like to be able to
have their entries updated dynamically.

Any help would be appreciated, even an "RTFM" as long as I can get pointed
to the relevant FM...

For a little bit of filler info, this is for a new domain that will be a
sub off our TLD (finally moving this to best practices) and we will be
migrating clients over to the new domain.  I have the domain provisioned,
Bind9 is working, as well as DHCP.  Windows clients update their entries
just fine, however clients that need to use the external script can't
update due to the TKEY error I'm getting.  This is the last piece of the
puzzle for me, so any help would be appreciated.

Hi, you need to create a user to just do the updates and then a keytab 
for him. If you want, I can email you the instructions I used when I 
used Bind9.1 ( I now use the internal DNS server)


Rowland


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] Samba 4.0.0rc6 Available for Download

2012-12-04 Thread Karolin Seeger 
Release Announcements
-

This is the sixth release candidate of Samba 4.0.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

In this release candidate, we have a significant number of improvements
to our Access Control List (ACL) code, particularly for the Active
Directory Domain Controller, but also in our general purpose file
server.

These changes are important, as they enable Group Policy Objects to work
correctly, allow administrators to impose restrictions on some users
reading certain parts of the directory and correctly propagating
inherited ACLs down the LDAP directory tree.

Users of the Active Directory Domain Controller upgrading from any
previous release should run 'samba-tool ntacl sysvolreset' to re-sync
ACLs on the sysvol share with those matching the GPOs in LDAP and the
defaults from an initial provision.  This will set an underlying POSIX
ACL if required.

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

This release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
controller work previously known as 'samba4'.

If you are upgrading, or looking to develop, test or deploy Samba 4.0
releases candidates, you should backup all configuration and data.


UPGRADING
=

Users upgrading from Samba 3.x domain controllers and wanting to use
Samba 4.0 as an AD DC should use the 'samba-tool domain
classicupgrade' command.  See the wiki for more details:
https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO.

Users upgrading from Samba 4.0 alpha and beta releases since alpha15
should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
Samba.  Users upgrading from earlier alpha releases should contact the
team for advice.

Users upgrading an AD DC from any previous release should run
'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
with those matching the GPOs in LDAP and the defaults from an initial
provision.  This will set an underlying POSIX ACL if required (eg not
using the NTVFS file server).

If you used the BIND9_FLATFILE or BIND9_DLZ features,
you'll have to add '-dns' to the 'server services' option,
as the internal dns server (SAMBA_INTERNAL) is the default now.


NEW FEATURES


Samba 4.0 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

Samba 4.0.0rc5 ships with two distinct file servers.  We now use the
file server from the Samba 3.x series 'smbd' for all file serving by
default.

Samba 4.0 also ships with the 'NTVFS' file server.  This file server
is what was used in all previous releases of Samba 4.0, and is
tuned to match the requirements of an AD domain controller.  We
continue to support this, not only to provide continuity to
installations that have deployed it as part of an AD DC, but also as a
running example of the NT-FSA architecture we expect to move smbd to in
the longer term.

For pure file server work, the binaries users would expect from that
series (nmbd, winbindd, smbpasswd) continue to be available.  When
running an AD DC, you only need to run 'samba' (not
nmbd/smbd/winbind), as the required services are co-coordinated by this
master binary.

As DNS is an integral part of Active Directory, we also provide two DNS
solutions, a simple internal DNS server for 'out of the box' configurations
and a more elaborate BIND plugin using the BIND DLZ mechanism in versions
9.8 and 9.9. During the provision, you can select which backend to use.
With the internal backend, your DNS server is good to go.
If you chose the BIND_DLZ backend, a configuration file will be generated
for bind to make it use this plugin, as well as a file explaining how to
set up bind.

To provide accurate timestamps to Windows clients, we integrate with
the NTP project to provide secured NTP replies.  To use you need to
start ntpd and configure it with the 'restrict ... ms-sntp' and
ntpsigndsocket options.

Finally, a new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.


#

Re: [Samba] samba4 binddlz performance

2012-12-04 Thread Thomas Manninger 
I think, i am in the near of the solution of my problem.

The search of a user is very fast (<1sec):
ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator

But the search of a record is very slow (~3sec):
ldbsearch -H /var/lib/samba/private/sam.ldb -b 
DC=mb.intern,CN=MicrosoftDNS,CN=System,dc=mb,dc=intern dc=mbdom2

There are missing indexes in the ldb database??
Where can i can the index, or add some??

thanks!

 Original-Nachricht 
> Datum: Fri, 23 Nov 2012 14:32:31 -0800
> Von: Matthieu Patou 
> An: samba@lists.samba.org
> Betreff: Re: [Samba] samba4 binddlz performance

> On 11/19/2012 07:11 AM, Thomas Manninger wrote:
> > Hello,
> >
> > i am using samba4rc2.
> >
> > I have problems with the bind9 dlz module, i get very long response
> times from interal queries.
> >
> > root@s-srv01:~# dig s-srv04.test.local @192.168.0.4
> >
> > ; <<>> DiG 9.8.0-P4 <<>> s-srv04.test.local @192.168.0.4
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64478
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> >
> > ;; QUESTION SECTION:
> > ;s-srv04.test.local. IN  A
> >
> > ;; ANSWER SECTION:
> > s-srv04.test.local.  900 IN  A   192.168.0.4
> >
> > ;; AUTHORITY SECTION:
> > test.local.   900 IN  NS  s-srv01.test.local.
> > test.local.   900 IN  NS  s-srv04.test.local.
> >
> > ;; ADDITIONAL SECTION:
> > s-srv01.test.local.  900 IN  A   192.168.0.1
> >
> > ;; Query time: 1239 msec
> > ;; SERVER: 192.168.0.4#53(192.168.0.4)
> > ;; WHEN: Mon Nov 19 16:07:59 2012
> > ;; MSG SIZE  rcvd: 108
> .local is normally used for mdns (see. 
> http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with 
> another kind of tld (ie. use domain test.corp).
> > external queries are a little bit faster:
> >
> > root@s-srv01:~# dig google.com @192.168.0.4
> >
> > ; <<>> DiG 9.8.0-P4 <<>> google.com @192.168.0.4
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56403
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6
> >
> > ;; QUESTION SECTION:
> > ;google.com.IN  A
> >
> > ;; ANSWER SECTION:
> > google.com. 300 IN  A   173.194.35.135
> > google.com. 300 IN  A   173.194.35.136
> > google.com. 300 IN  A   173.194.35.137
> > google.com. 300 IN  A   173.194.35.142
> > google.com. 300 IN  A   173.194.35.128
> > google.com. 300 IN  A   173.194.35.129
> > google.com. 300 IN  A   173.194.35.130
> > google.com. 300 IN  A   173.194.35.131
> > google.com. 300 IN  A   173.194.35.132
> > google.com. 300 IN  A   173.194.35.133
> > google.com. 300 IN  A   173.194.35.134
> >
> > ;; AUTHORITY SECTION:
> > .   45846   IN  NS  a.root-servers.net.
> > .   45846   IN  NS  c.root-servers.net.
> > .   45846   IN  NS  b.root-servers.net.
> > .   45846   IN  NS  g.root-servers.net.
> > .   45846   IN  NS  f.root-servers.net.
> > .   45846   IN  NS  j.root-servers.net.
> > .   45846   IN  NS  e.root-servers.net.
> > .   45846   IN  NS  i.root-servers.net.
> > .   45846   IN  NS  l.root-servers.net.
> > .   45846   IN  NS  k.root-servers.net.
> > .   45846   IN  NS  h.root-servers.net.
> > .   45846   IN  NS  d.root-servers.net.
> > .   45846   IN  NS  m.root-servers.net.
> >
> > ;; ADDITIONAL SECTION:
> > a.root-servers.net. 45846   IN  A   198.41.0.4
> > b.root-servers.net. 45846   IN  A   192.228.79.201
> > c.root-servers.net. 45846   IN  A   192.33.4.12
> > d.root-servers.net. 45846   IN  A   128.8.10.90
> > e.root-servers.net. 45846   IN  A   192.203.230.10
> > f.root-servers.net. 45846   IN  A   192.5.5.241
> >
> > ;; Query time: 281 msec
> > ;; SERVER: 192.168.0.4#53(192.168.0.4)
> > ;; WHEN: Mon Nov 19 16:09:06 2012
> > ;; MSG SIZE  rcvd: 511
> >
> >
> > When i change to the samba4 internal dns server, i get response time
> about ~1-2ms.
> >
> > But why is the bind dlz modul so slooow..?
> you can use kcachegrind to trace bind in foreground mode in order to see 
> where the time is spent.
> 
> Matthieu.
> 
> -- 
> Matthieu Patou
> Samba Team
> http://samba.org
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/option

Re: [Samba] File update detection

2012-12-04 Thread Harry Jede 
On 11:02:43 wrote Dennis Verspuij - SpuyMore:
> Hello,
> 
> I run Samba 4.0.0-168.fc18.rc5.x86_64 on my Linux box. I use an
> editor on my Windows box to edit files on one of the Samba shares
> and that editor has a file update detection mechanism, polling every
> x seconds for changes to file modification timestamp. And around
> every 12 to 14 seconds it pops up the files have been changed while
> they aren't. Any idea what may cause this?
For Smaba3.

man smb.conf

dos filetime resolution

and/or

fake directory create times

May be, a registry entry may fix this client behavior
https://lists.samba.org/archive/samba/2012-June/168067.html

> Kind regards,
> 
> Dennis Verspuij


-- 

Gruss
Harry Jede
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Windows 7 64 bit print

2012-12-04 Thread arun.sasi1 
Hello Team,

I am unable to upload windows 7 64 bit prit drivers.

I saw the bur report in https://bugzilla.samba.org/show_bug.cgi?id=6888

is this resolved or any workaround for installing the print drivers

Thanks & Regards,
Arun Sasi Venmalassery
-
Sr. Engineer - Server Management (UNIX),
Wipro Ltd (Dubai) |Mob: +971 566489491 | E: 
arun.sa...@wipro.com

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. The company 
accepts no liability for any damage caused by any virus transmitted by this 
email. 

www.wipro.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba3 PDC and Windows 8 RTM

2012-12-04 Thread Didster 
How very odd.

Is it defiantly WIndows 8 RTM you are using, not a beta/preview release?

I have the two registry keys set and its clearly ignoring them and just
trying to join an AD domain.


On Mon, Dec 3, 2012 at 4:57 PM, TAKAHASHI Motonobu  wrote:

> 2012/12/4 Didster :
> > If you could try Win8 64bit and let me know I would really appreciate it.
> >
> > Many thanks
> > Simon
>
> I tried newly installed Win8 64bit, modified two registry values and
> successed
>  to join and logon to the Samba 3.6.6 domain.
>
> My smb.conf is:
>
> -
> [global]
> workgroup = SAMBA366
> domain logons = yes
> passdb backend = tdbsam
>
> add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
>
> [homes]
> writeable = yes
> browseable = no
> -
>
> ---
> TAKAHASHI Motonobu 
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba